-<!-- Allow HTTP traffic. -->
-<network-security-config>
- <base-config cleartextTrafficPermitted="true" />
+<!-- Allow HTTP traffic and disable HSTS, which has no benefit for Privacy Browser (because unspecified links default to HTTPS) but has negative fingerprinting implications. -->
+<network-security-config
+ xmlns:tools="http://schemas.android.com/tools">
+ <base-config cleartextTrafficPermitted="true" hstsEnforced="false" tools:ignore="InsecureBaseConfiguration" />